View Issue Details

This bug affects 1 person(s).
 2
IDProjectCategoryView StatusLast Update
18528Feature requestsAuthenticationpublic2022-12-05 11:49
ReporterLDBV Assigned Toollehar  
PrioritynoneSeverityfeature 
Status feedbackResolutionopen 
Summary18528: No minimum Password quality in LimeSurvey 3.28
Description

We made a Penetration-Test with our own LimeSurvey V3.28.32 Server. The result was, that even the Admin password can be changed to a simple "A".

For security reasons It should at least be possible in LimeSurvey 3.28 to enforce minimum password quality (f.e. minimum length = 8, need for special characters, upper, lower, numeric,...).

Thanks.

Additional Information

There is a (never solved) ticket from 2014 (08524) to this problem.

Tagspassword, security
Bug heat2
Users affected %

Users monitoring this issue

User List There are no users monitoring this issue.

Activities

ollehar

ollehar

2022-12-05 11:49

administrator   ~73000

This is fixed in LimeSurvey 5, I believe?

Issue History

Date Modified Username Field Change
2022-11-30 10:51 LDBV New Issue
2022-11-30 11:00 LDBV Tag Attached: security
2022-11-30 11:00 LDBV Tag Attached: password
2022-12-05 11:49 ollehar Note Added: 73000
2022-12-05 11:49 ollehar Bug heat 0 => 2
2022-12-05 11:49 ollehar Assigned To => ollehar
2022-12-05 11:49 ollehar Status new => feedback